Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
59 fines found
Total: $55.4M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-05-23 | Clearview AI | €20.0M | GDPR | Greece HDPA | Greece | consent | Unlawful processing of biometric data through facial recognition without consent...Unlawful processing of biometric data through facial recognition without consent. Articles: Art. 5, Art. 6, Art. 9 |
| 2022-07-13 | Clearview AI | €20.0M | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 14 GDPR, Art. 15 GDPR, Art. 27 GDPR |
| 2022-01-27 | Cosmote Mobile Telecommunications S.A. | €6.0M | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 25 (1) GDPR, Art. 26 GDPR, Art. 28 GDPR, Art. 35 (7) GDPR |
| 2022-01-27 | OTE Group | €3.2M | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information | --Articles: Art. 32 GDPR |
| 2019-10-07 | Telecommunication Service Provider | €200K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 25 GDPR |
| 2019-10-07 | Telecommunication Service Provider | €200K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 21 (3) GDPR, Art. 25 GDPR |
| 2019-10-07 | Telecommunication Service Provider | €200K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | Due to technical errors, the personal data of 8.000 customers wasn’t delet...Due to technical errors, the personal data of 8.000 customers wasn’t deleted upon request Articles: Art. 21 (3) GDPR, Art. 25 GDPR |
| 2019-10-07 | Telecommunication Service Provider | €200K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | Despite the clear refusal of telemarketing calls by the customers, the company p...Despite the clear refusal of telemarketing calls by the customers, the company proceeded to ignore this because of technical errors. Articles: Art. 5 (1) c) GDPR, Art. 25 GDPR |
| 2019-12-19 | "Aegean Marine Petroleum Network Inc. | €150K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Art. 5 GDPR|Art. 6 GDPR|Art. 32 GDPR | http://www.dpa.gr/APDPXPortlets/htdocs/documentDisplay.jsp?docid=205,136,113,56,...http://www.dpa.gr/APDPXPortlets/htdocs/documentDisplay.jsp?docid=205,136,113,56,60,108,243,88 Articles: " |
| 2019-07-30 | PWC Business Solutions | €150K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) GDPR, Art. 5 (2) GDPR, Art. 6 (1) GDPR, Art. 13 (1) c) GDPR, Art. 14 (1) c) GDPR |
| 2019-07-30 | PWC Business Solutions | €150K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with lawful basis for data processing | The company unlawfully processed the employer’s data while creating the il...The company unlawfully processed the employer’s data while creating the illusion that it acted under the legal basis of consent. Whereas, the company was using a different legal basis. This is a strict violation of the transparency principle. Moreover, the company violated the accountability principle when it failed to bring evidence related to the proper assessment of the employer’s data using the right legal bases. Articles: Art. 5 (1) GDPR, Art. 5 (2) GDPR, Art. 6 (1) GDPR, Art. 13 (1) c) GDPR, Art. 14 (1) c) GDPR |
| 2019-12-19 | Aegean Marine Petroleum Network Inc. | €150K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR |
| 2021-12-29 | Greek Ministry of Tourism | €75K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information security | --Articles: Art. 13 GDPR, Art. 32 GDPR, Art. 33 GDPR, Art. 37 GDPR |
| 2022-01-13 | Intellexa SA | €50K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR |
| 2023-02-20 | Vodafone | €40K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Insufficient fulfilment of data breach notification obligations | --Articles: Art. 15 GDPR, Art. 33 GDPR |
| 2022-08-03 | Private Polyclinic and Diagnostic Centre of Pyle Axiou | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR |
| 2021-12-08 | One Way Private Company | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information security | --Articles: Art. 28 (3) c) GDPR, Art. 32 (2), (4) GDPR, Art. 11 (1) Νόμος 3471/2006 |
| 2023-02-02 | Piraeus Bank | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 33 GDPR, Art. 34 GDPR |
| 2022-02-15 | ΛΙΜΕΝΟΣ ΗΡΑΚΛΕΙΟΥ Α.Ε. | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 (1), (2) GDPR, Art. 15 (1) GDPR |
| 2022-07-19 | DO VALUE GREECE LOANS & CREDITS CLAIM MANAGEMENT S.A. | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 12 (2) GDPR |
| 2021-12-31 | INFO COMMUNICATION SERVICES | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Information obligation non-compliance | --Articles: Art. 13 GDPR, Art. 14 GDPR, Art. 11 Law 3471/2006 |
| 2021-12-31 | PLUS REAL ADVERTISEMENT | €25K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Information obligation non-compliance | --Articles: Art. 13 GDPR, Art. 14 GDPR, Art. 11 Law 3471/2006 |
| 2022-10-03 | PIRAEUS BANK S.A. | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information security | --Articles: Art. 13 GDPR |
| 2019-10-18 | Wind Hellas Telecommunications | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with subjects' rights protection safeguards | The company ignored objections voiced by the affected parties regarding advertis...The company ignored objections voiced by the affected parties regarding advertising and marketing calls. Articles: Art. 21 GDPR |
| 2022-10-03 | ALFA BANK, S.A. | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information security | --Articles: Art. 13 GDPR |